So today in the evening I opened my email on my iPad and saw a bunch of emails.
So, as you may guess, someone stole my Netflix account, bought premium with my debit card and changed it. What am I doing? I am trying to press the link saying that no, I haven’t asked for changing the email. And you know what I got? Link expired. I am checking with support. I am angry, panicking. Obviously I make mistakes. I remember what I had on my watch list and don’t remember anything about the profile. I clearly know that I only used Netflix from a single device. Here is the response:
Yes, I clearly made a mistake in communication, because sometimes I write my name as Andrew, sometimes as Andriy. But I had only this crappy chat without the ability to post any details or screenshots. I wasn’t asked about the time of the emails, or about my past activity like what I watched and what was added to my list. And the link to notify that my email was changed without my consent was outdated in the evening. I don’t normally check my garbage mail during working hours.
You may think that I am a scammer, because I probably can’t prove to a wide audience that my account was really stolen. And I guess you are right and should be cautious. As a software engineer who is aware of the risks, I should have been changing my password regularly. Instead I just logged into Netflix once and forgot about it. However:
- I can’t use Netflix with my Apple ID, Google account, whatever. So generally Netflix security sucks. They force you to have one more login/password.
- Their support chat is garbage. No questions about the activity itself, about my activity in the past month, etc. I can provide them my personal passport if they need it. Or I could have a call. But no, no suggestions like that.
Why am I posting this?
- I am extremely angry that I lost my account. Someone got my data, like what I was watching.
- I hope that someone will see this and will pay more attention to their accounts.
- And no, I am not going to use Netflix anymore. They should at least give the option of using an external login. Why, when we have OIDC in 2021, do we use separate credentials for some service?
How was I hacked? I have no idea, to be honest. And that scares me a lot. Perhaps a weak password? Or maybe the NordVPN service, which I used for privacy, was leaking my data? Or maybe I missed a critical patch to my iPad OS.
UPD: After contacting their support the next time, I got a response:
The process was like this: they told me that my old account can’t be recovered and they can only block it. They guided me through the process of account creation. Perhaps they were reselling their service again or checking that I am not lying. I won’t be able to know if they blocked my old account for real or not…
Personally, I only agreed to create a new account in the hope that they are checking that I am not lying and am interested in using their service. This time at least they checked my past transactions. So I hope that they at least marked that account somehow and are tracking its usage or whatever.